The topology for this example can be viewed in the GUI under WiFi & Switch Controller -> Topology.
To understand why the port in the middle, between the FortiSwitches, is not working, it is necessary to review some terminology:
- All FortiSwitches are able to use MSTP (802.1s) and are backward compatible with STP and RSTP.
- Additional instances (MSTIs) can be created, with one or more VLANs mapped to each MSTI, so that multiple logical topologies can be managed.
- The default MSTI 0 cannot be deleted.
- The default instance is MSTI 0, and it contains the VLANs that are not mapped to other instances.
- FortiSwitches that have the same MSTP configuration for the following attributes are placed in the same region:
  - Region name: A name assigned to the region. By default, FortiSwitch does not assign a name.
  - MSTP revision number: A number indicating the MSTP configuration version. The idea is to change the version number after the configuration has been changed. By default, FortiSwitch uses version 0.
  - MSTI to VLAN mapping table: When the mapping is changed, the table is updated. By default, all VLANs that have not been placed in other MSTIs are placed in MSTI 0.
- The maximum number of MSTIs that can be managed is 16 (instances 0 to 15), and each MSTI elects its own root bridge.
- The INTERNAL interface is always in the forwarding state.
- It is possible to control the MSTI topology by adjusting the bridge ID, port cost, and priority values.
- When there is a FortiGate in the topology, most of the traffic (switch management, inter-VLAN, internet, and WAN) is sent to it, so it is better to calculate instances from the FortiGate's perspective. As a consequence, the MSTP settings are automatically changed in a managed FortiSwitch stack as follows:
  - Bridge priority is reduced to 24576 (default = 32768) on non-MCLAG peer switches directly connected to the FortiGate (if the FortiSwitch is an MCLAG peer, priority is reduced to 20400).
  - If there are multiple switches connected to the FortiGate, the root bridge is the switch with the lowest MAC address.
  - The port cost on auto-ISL trunks is set to 1, so the shortest path to the FortiGate is through auto-ISL trunks.
  - Data and management traffic are separated into different instances: a new instance, MSTI 15, is created for switch management traffic.
  - VLAN 4094 is mapped to MSTI 15 and all other VLANs are mapped to MSTI 0 by default.
Let's check the topology. Each port's state is shown with the fields in this order:
Port, Speed, Cost, Priority, Role, State, HelloTime, Flags
The FortiSwitch S224EPTF18-----1 is elected as the root bridge because it is directly connected to the FortiGate and its instance 0 has a priority of 24576. The other switches have a higher priority value of 28672, so they are not elected as the root bridge.
On the root bridge, all ports are always designated ports.
The switch S248EPTF19-----0 has an alternate port in order to break the loop and avoid saturating the links with excessive traffic. The port is blocked on this switch because both switches have the same priority, 28672, and the next tiebreaker is the MAC address: the lower the MAC, the better. S248EPTF19-----1 wins because its MAC is lower, so the port on S248EPTF19-----1 is designated.
Now check whether the same behavior occurs in instance 15: the same root bridge is elected by priority and the same alternate port is blocked.
The output obtained from each FortiSwitch can be analyzed to confirm this:
```
LAB-WIRELESS-TAC-2 # diagnose switch-controller switch-info stp S224EPTF18-----1
diagnose stp instance list
MST Instance Information, primary-Channel:

Instance ID 0 (CST)
Config Priority 24576
Bridge MAC e81cba853884, MD5 Digest 742f04075e42ee2d6606ac1b87d85cb4
Root MAC e81cba853884, Priority 24576, Path Cost 0, Remaining Hops 20 (This bridge is the root)
Regional Root MAC e81cba853884, Priority 24576, Path Cost 0 (This bridge is the regional root)
Active Times Forward Time 15, Max Age 20, Remaining Hops 20
TCN Events Triggered 3 (0d 19h 58m 32s ago), Received 9 (0d 19h 58m 32s ago)

Port             Speed  Cost      Priority  Role        State      HelloTime Flags
________________ ______ _________ _________ ___________ __________ _________ _______________
port1            1G     20000     128       DESIGNATED  FORWARDING 2         EN ED
port2            -      200000000 128       DISABLED    DISCARDING 2         ED
port3            -      200000000 128       DISABLED    DISCARDING 2         ED
port4            -      200000000 128       DISABLED    DISCARDING 2         ED
port5            -      200000000 128       DISABLED    DISCARDING 2         ED
port6            -      200000000 128       DISABLED    DISCARDING 2         ED
port7            -      200000000 128       DISABLED    DISCARDING 2         ED
port8            -      200000000 128       DISABLED    DISCARDING 2         ED
port9            -      200000000 128       DISABLED    DISCARDING 2         ED
port10           -      200000000 128       DISABLED    DISCARDING 2         ED
port11           -      200000000 128       DISABLED    DISCARDING 2         ED
port12           -      200000000 128       DISABLED    DISCARDING 2         ED
port13           -      200000000 128       DISABLED    DISCARDING 2         ED
port14           -      200000000 128       DISABLED    DISCARDING 2         ED
port15           -      200000000 128       DISABLED    DISCARDING 2         ED
port16           -      200000000 128       DISABLED    DISCARDING 2         ED
port17           -      200000000 128       DISABLED    DISCARDING 2         ED
port18           -      200000000 128       DISABLED    DISCARDING 2         ED
port19           -      200000000 128       DISABLED    DISCARDING 2         ED
port20           -      200000000 128       DISABLED    DISCARDING 2         ED
port22           -      200000000 128       DISABLED    DISCARDING 2         ED
port25           -      200000000 128       DISABLED    DISCARDING 2         ED
port26           -      200000000 128       DISABLED    DISCARDING 2         ED
port27           -      200000000 128       DISABLED    DISCARDING 2         ED
port28           -      200000000 128       DISABLED    DISCARDING 2         ED
internal         1G     20000     128       DESIGNATED  FORWARDING 2         ED
8EPTF19002841-0  1G     1         128       DESIGNATED  FORWARDING 2         EN
8EPTF19003530-0  1G     1         128       DESIGNATED  FORWARDING 2         EN
G100ETK19001874  1G     20000     128       DESIGNATED  FORWARDING 2         EN ED

Flags: EN(STP enable), ED(Edge), LP(Loop Protection Triggered) RG(Root Guard Triggered), BG(BPDU Guard Triggered), IC(PVST Port Inconsistent) MV(PVST Port Vlan Mismatch)

Instance ID 15
Config Priority 24576 , VLANs 4094
Bridge MAC e81cba853884
Regional Root MAC e81cba853884, Priority 24576, Path Cost 0 (This bridge is the regional root)
TCN Events Triggered 5 (0d 2h 18m 6s ago), Received 6 (0d 19h 58m 30s ago)

Port             Speed  Cost      Priority  Role        State      Flags
________________ ______ _________ _________ ___________ __________ _______________
internal         1G     20000     128       DESIGNATED  FORWARDING ED
8EPTF19002841-0  1G     1         128       DESIGNATED  FORWARDING EN
8EPTF19003530-0  1G     1         128       DESIGNATED  FORWARDING EN
G100ETK19001874  1G     20000     128       DESIGNATED  FORWARDING EN ED

Flags: EN(STP enable), ED(Edge), LP(Loop Protection Triggered) RG(Root Guard Triggered), BG(BPDU Guard Triggered), IC(PVST Port Inconsistent) MV(PVST Port Vlan Mismatch)

S224EPTF18-----1 #
```
Next Switch:
```
LAB-WIRELESS-TAC-2 # diagnose switch-controller switch-info stp S248EPTF19-----0
Vdom: root
S248EPTF19-----0:
MST Instance Information, primary-Channel:

Instance ID 0 (CST)
Config Priority 28672
Bridge MAC 04d5903c26b2, MD5 Digest 742f04075e42ee2d6606ac1b87d85cb4
Root MAC e81cba853884, Priority 24576, Path Cost 0, Remaining Hops 19
Regional Root MAC e81cba853884, Priority 24576, Path Cost 1, Root Port 4EPTF18004511-0
Active Times Forward Time 15, Max Age 20, Remaining Hops 19
TCN Events Triggered 3 (0d 17h 59m 44s ago), Received 8 (0d 17h 59m 41s ago)

Port             Speed  Cost      Priority  Role        State      HelloTime Flags
________________ ______ _________ _________ ___________ __________ _________ _______________
port1            -      200000000 128       DISABLED    DISCARDING 2         ED
port2            -      200000000 128       DISABLED    DISCARDING 2         ED
port3            -      200000000 128       DISABLED    DISCARDING 2         ED
port4            -      200000000 128       DISABLED    DISCARDING 2         ED
port5            -      200000000 128       DISABLED    DISCARDING 2         ED
port6            -      200000000 128       DISABLED    DISCARDING 2         ED
port7            -      200000000 128       DISABLED    DISCARDING 2         ED
port8            -      200000000 128       DISABLED    DISCARDING 2         ED
port9            -      200000000 128       DISABLED    DISCARDING 2         ED
port10           -      200000000 128       DISABLED    DISCARDING 2         ED
port11           -      200000000 128       DISABLED    DISCARDING 2         ED
port12           -      200000000 128       DISABLED    DISCARDING 2         ED
port13           -      200000000 128       DISABLED    DISCARDING 2         ED
port14           -      200000000 128       DISABLED    DISCARDING 2         ED
port15           -      200000000 128       DISABLED    DISCARDING 2         ED
port16           -      200000000 128       DISABLED    DISCARDING 2         ED
port17           -      200000000 128       DISABLED    DISCARDING 2         ED
port18           -      200000000 128       DISABLED    DISCARDING 2         ED
port19           -      200000000 128       DISABLED    DISCARDING 2         ED
port20           -      200000000 128       DISABLED    DISCARDING 2         ED
port21           -      200000000 128       DISABLED    DISCARDING 2         ED
port22           -      200000000 128       DISABLED    DISCARDING 2         ED
port23           -      200000000 128       DISABLED    DISCARDING 2         ED
port24           -      200000000 128       DISABLED    DISCARDING 2         ED
port25           -      200000000 128       DISABLED    DISCARDING 2         ED
port26           -      200000000 128       DISABLED    DISCARDING 2         ED
port27           -      200000000 128       DISABLED    DISCARDING 2         ED
port28           -      200000000 128       DISABLED    DISCARDING 2         ED
port29           -      200000000 128       DISABLED    DISCARDING 2         ED
port30           -      200000000 128       DISABLED    DISCARDING 2         ED
port31           -      200000000 128       DISABLED    DISCARDING 2         ED
port32           -      200000000 128       DISABLED    DISCARDING 2         ED
port33           -      200000000 128       DISABLED    DISCARDING 2         ED
port34           -      200000000 128       DISABLED    DISCARDING 2         ED
port35           -      200000000 128       DISABLED    DISCARDING 2         ED
port36           -      200000000 128       DISABLED    DISCARDING 2         ED
port37           -      200000000 128       DISABLED    DISCARDING 2         ED
port38           -      200000000 128       DISABLED    DISCARDING 2         ED
port39           -      200000000 128       DISABLED    DISCARDING 2         ED
port40           -      200000000 128       DISABLED    DISCARDING 2         ED
port42           -      200000000 128       DISABLED    DISCARDING 2         ED
port43           -      200000000 128       DISABLED    DISCARDING 2         ED
port44           -      200000000 128       DISABLED    DISCARDING 2         ED
port46           -      200000000 128       DISABLED    DISCARDING 2         ED
port47           -      200000000 128       DISABLED    DISCARDING 2         ED
port48           -      200000000 128       DISABLED    DISCARDING 2         ED
port49           -      200000000 128       DISABLED    DISCARDING 2         ED
port50           -      200000000 128       DISABLED    DISCARDING 2         ED
port51           -      200000000 128       DISABLED    DISCARDING 2         ED
port52           -      200000000 128       DISABLED    DISCARDING 2         ED
internal         1G     20000     128       DESIGNATED  FORWARDING 2         ED
8EPTF19002841-0  1G     1         128       ALTERNATIVE DISCARDING 2         EN
4EPTF18004511-0  1G     1         128       ROOT        FORWARDING 2         EN

Flags: EN(STP enable), ED(Edge), LP(Loop Protection Triggered) RG(Root Guard Triggered), BG(BPDU Guard Triggered), IC(PVST Port Inconsistent) MV(PVST Port Vlan Mismatch)

Instance ID 15
Config Priority 28672 , VLANs 4094
Bridge MAC 04d5903c26b2
Regional Root MAC e81cba853884, Priority 24576, Path Cost 1, Root Port 4EPTF18004511-0
TCN Events Triggered 2 (0d 17h 59m 44s ago), Received 5 (0d 0h 19m 17s ago)

Port             Speed  Cost      Priority  Role        State      Flags
________________ ______ _________ _________ ___________ __________ _______________
internal         1G     20000     128       DESIGNATED  FORWARDING ED
8EPTF19002841-0  1G     1         128       ALTERNATIVE DISCARDING EN
4EPTF18004511-0  1G     1         128       ROOT        FORWARDING EN

Flags: EN(STP enable), ED(Edge), LP(Loop Protection Triggered) RG(Root Guard Triggered), BG(BPDU Guard Triggered), IC(PVST Port Inconsistent) MV(PVST Port Vlan Mismatch)
```
Next FortiSwitch:
```
LAB-WIRELESS-TAC-2 # diagnose switch-controller switch-info stp S248EPTF19-----1
Vdom: root
S248EPTF19002841:
MST Instance Information, primary-Channel:

Instance ID 0 (CST)
Config Priority 28672
Bridge MAC 04d59010a818, MD5 Digest 742f04075e42ee2d6606ac1b87d85cb4
Root MAC e81cba853884, Priority 24576, Path Cost 0, Remaining Hops 19
Regional Root MAC e81cba853884, Priority 24576, Path Cost 1, Root Port 4EPTF18004511-0
Active Times Forward Time 15, Max Age 20, Remaining Hops 19
TCN Events Triggered 3 (1d 2h 24m 59s ago), Received 11 (0d 17h 59m 58s ago)

Port             Speed  Cost      Priority  Role        State      HelloTime Flags
________________ ______ _________ _________ ___________ __________ _________ _______________
port1            -      200000000 128       DISABLED    DISCARDING 2         ED
port2            -      200000000 128       DISABLED    DISCARDING 2         ED
port3            -      200000000 128       DISABLED    DISCARDING 2         ED
port4            -      200000000 128       DISABLED    DISCARDING 2         ED
port5            -      200000000 128       DISABLED    DISCARDING 2         ED
port6            -      200000000 128       DISABLED    DISCARDING 2         ED
port7            -      200000000 128       DISABLED    DISCARDING 2         ED
port8            -      200000000 128       DISABLED    DISCARDING 2         ED
port9            -      200000000 128       DISABLED    DISCARDING 2         ED
port10           -      200000000 128       DISABLED    DISCARDING 2         ED
port11           -      200000000 128       DISABLED    DISCARDING 2         ED
port12           -      200000000 128       DISABLED    DISCARDING 2         ED
port13           -      200000000 128       DISABLED    DISCARDING 2         ED
port14           -      200000000 128       DISABLED    DISCARDING 2         ED
port15           -      200000000 128       DISABLED    DISCARDING 2         ED
port16           -      200000000 128       DISABLED    DISCARDING 2         ED
port17           -      200000000 128       DISABLED    DISCARDING 2         ED
port18           -      200000000 128       DISABLED    DISCARDING 2         ED
port19           -      200000000 128       DISABLED    DISCARDING 2         ED
port20           -      200000000 128       DISABLED    DISCARDING 2         ED
port21           -      200000000 128       DISABLED    DISCARDING 2         ED
port22           -      200000000 128       DISABLED    DISCARDING 2         ED
port23           -      200000000 128       DISABLED    DISCARDING 2         ED
port24           -      200000000 128       DISABLED    DISCARDING 2         ED
port25           -      200000000 128       DISABLED    DISCARDING 2
port26           -      200000000 128       DISABLED    DISCARDING 2         ED
port27           -      200000000 128       DISABLED    DISCARDING 2         ED
port28           -      200000000 128       DISABLED    DISCARDING 2         ED
port29           -      200000000 128       DISABLED    DISCARDING 2         ED
port30           -      200000000 128       DISABLED    DISCARDING 2         ED
port31           -      200000000 128       DISABLED    DISCARDING 2         ED
port32           -      200000000 128       DISABLED    DISCARDING 2         ED
port33           -      200000000 128       DISABLED    DISCARDING 2         ED
port34           -      200000000 128       DISABLED    DISCARDING 2         ED
port35           -      200000000 128       DISABLED    DISCARDING 2         ED
port36           -      200000000 128       DISABLED    DISCARDING 2         ED
port37           -      200000000 128       DISABLED    DISCARDING 2         ED
port38           -      200000000 128       DISABLED    DISCARDING 2         ED
port39           -      200000000 128       DISABLED    DISCARDING 2         ED
port40           -      200000000 128       DISABLED    DISCARDING 2         ED
port41           -      200000000 128       DISABLED    DISCARDING 2         ED
port42           -      200000000 128       DISABLED    DISCARDING 2         ED
port44           -      200000000 128       DISABLED    DISCARDING 2         ED
port45           -      200000000 128       DISABLED    DISCARDING 2         ED
port46           -      200000000 128       DISABLED    DISCARDING 2         ED
port48           -      200000000 128       DISABLED    DISCARDING 2         ED
port49           -      200000000 128       DISABLED    DISCARDING 2         ED
port50           -      200000000 128       DISABLED    DISCARDING 2         ED
port51           -      200000000 128       DISABLED    DISCARDING 2         ED
port52           -      200000000 128       DISABLED    DISCARDING 2         ED
internal         1G     20000     128       DESIGNATED  FORWARDING 2         ED
4EPTF18004511-0  1G     1         128       ROOT        FORWARDING 2         EN
8EPTF19003530-0  1G     1         128       DESIGNATED  FORWARDING 2         EN

Flags: EN(STP enable), ED(Edge), LP(Loop Protection Triggered) RG(Root Guard Triggered), BG(BPDU Guard Triggered), IC(PVST Port Inconsistent) MV(PVST Port Vlan Mismatch)

Instance ID 15
Config Priority 28672 , VLANs 4094
Bridge MAC 04d59010a818
Regional Root MAC e81cba853884, Priority 24576, Path Cost 1, Root Port 4EPTF18004511-0
TCN Events Triggered 2 (1d 2h 24m 57s ago), Received 7 (0d 0h 19m 30s ago)

Port             Speed  Cost      Priority  Role        State      Flags
________________ ______ _________ _________ ___________ __________ _______________
internal         1G     20000     128       DESIGNATED  FORWARDING ED
4EPTF18004511-0  1G     1         128       ROOT        FORWARDING EN
8EPTF19003530-0  1G     1         128       DESIGNATED  FORWARDING EN

Flags: EN(STP enable), ED(Edge), LP(Loop Protection Triggered) RG(Root Guard Triggered), BG(BPDU Guard Triggered), IC(PVST Port Inconsistent) MV(PVST Port Vlan Mismatch)
```
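The root election and the MAC tie-break described above can be checked automatically against the collected output. The following Python is an added example, not Fortinet code: the sample text is a constructed excerpt of the instance 0 output on this page, and the names `parse`, `audit` and `segment_winner` are assumptions of the example.

```python
import re

# Constructed excerpts modelled on the instance 0 output on this page (trunk
# rows only). The dict layout and function names are assumptions of the example.
SAMPLE = {
    "S224EPTF18-----1": """Config Priority 24576 Bridge MAC e81cba853884
Regional Root MAC e81cba853884, Priority 24576, Path Cost 0
8EPTF19002841-0 1G 1 128 DESIGNATED FORWARDING 2 EN
8EPTF19003530-0 1G 1 128 DESIGNATED FORWARDING 2 EN""",
    "S248EPTF19-----0": """Config Priority 28672 Bridge MAC 04d5903c26b2
Regional Root MAC e81cba853884, Priority 24576, Path Cost 1
8EPTF19002841-0 1G 1 128 ALTERNATIVE DISCARDING 2 EN
4EPTF18004511-0 1G 1 128 ROOT FORWARDING 2 EN""",
    "S248EPTF19-----1": """Config Priority 28672 Bridge MAC 04d59010a818
Regional Root MAC e81cba853884, Priority 24576, Path Cost 1
4EPTF18004511-0 1G 1 128 ROOT FORWARDING 2 EN
8EPTF19003530-0 1G 1 128 DESIGNATED FORWARDING 2 EN""",
}

def parse(text):
    """Extract bridge ID, regional root MAC, path cost and port roles."""
    prio = int(re.search(r"Config\s+Priority (\d+)", text).group(1))
    mac = int(re.search(r"Bridge\s+MAC ([0-9a-f]{12})", text).group(1), 16)
    rr = re.search(r"Regional Root\s+MAC ([0-9a-f]{12}).*?Path Cost (\d+)", text)
    rows = [f for f in map(str.split, text.splitlines())
            if len(f) >= 6 and f[2].isdigit() and f[3].isdigit()]
    return {"id": (prio, mac), "root": int(rr.group(1), 16),
            "cost": int(rr.group(2)), "ports": {f[0]: (f[4], f[5]) for f in rows}}

def audit(outputs, expected_root):
    """Return (elected root, findings) for one MST instance."""
    sw = {name: parse(text) for name, text in outputs.items()}
    elected = min(sw, key=lambda n: sw[n]["id"])  # lowest priority, then lowest MAC
    findings = [] if elected == expected_root else [f"unexpected root bridge: {elected}"]
    for name, s in sw.items():
        if s["root"] != sw[elected]["id"][1]:
            findings.append(f"{name} follows a root outside this set")
        findings += [f"{name} blocks {port} ({role})"
                     for port, (role, state) in s["ports"].items()
                     if state == "DISCARDING" and role != "DISABLED"]
    return elected, findings

def segment_winner(outputs, a, b):
    """Designated bridge on a shared link: lowest path cost, then lowest bridge ID."""
    sw = {n: parse(outputs[n]) for n in (a, b)}
    return min(sw, key=lambda n: (sw[n]["cost"],) + sw[n]["id"])

if __name__ == "__main__":
    print(audit(SAMPLE, "S224EPTF18-----1"),
          segment_winner(SAMPLE, "S248EPTF19-----0", "S248EPTF19-----1"))
```

A root bridge other than the expected one, or a switch reporting a root outside the managed set, is worth investigating before any priority values are adjusted.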
More instances can be added, and the desired values configured on each one, by following the related documents:
- MSTP overview and terminology
- MSTP configuration
- Viewing the MSTP configuration